While online holiday shopping is nothing new, more of us will be avoiding the malls and brick-and-mortar stores this year — which opens up big opportunities for cybercriminals. This, along with COVID-19, is expected to anchor most of the scam and phishing lures in circulation this season. Since pandemic lockdowns began in early 2020, contactless transactions skyrocketed, and seasonal holiday shopping will likely continue that trend. According to a recent survey from CreditCards.com, more than 70 percent of Americans will make most of their holiday purchases online this year, compared with 51 percent in 2019. Unfortunately, that also means we have to look forward to more cyberthreats trying to cash in on the spirit of gift-giving and charity donations during the holidays. Meanwhile, we already know that COVID-19-related phishing scams skyrocketed 600 percent between February and March this year, shortly after the pandemic took hold across Europe and the U.S. This year, along with the usual garden-variety holiday scams, we’re likely to see more phishing attacks both directly and indirectly related to the pandemic. Although phishing scams are likely to target consumers in volume during the holiday season, there are many versions, such as whale-phishing, that are designed to target high-level executives and other key individuals. In fact, the majority of your remote employees who use either personal or corporate-owned devices probably encounter at least one of these scams every…

Source

Stealing a jumbo-jet airplane sounds like a ridiculous movie plot, but it’s actually just one example of IP theft. It’s happening to tech giants like Twitter and Google, and consumer brands like Hershey. But it’s also happening to organizations built around security — like McAfee and even the CIA. In fact, a survey by Osterman Research found that seven in 10 organizations had experienced significant data or knowledge loss due to employees exfiltrating information.

The huge (and hidden) costs of insider IP theft

The risk of losing your “secret sauce” is obvious. But there’s a huge range of IP to protect: product roadmaps, strategic go-to-market plans, customer lists and other inside sales info, source code, or CAD files in the midst of development. These are all critical gears in a business’s revenue engine. Losing any one of them could stall that engine — delaying product launches, impacting service levels, impeding sales conversations. But it can also cause your business to lose its competitive advantages — or worse, see those advantages fall into the hands of a competitor.

Most IP exists as living, moving, evolving files — that’s why it’s such a challenge

One big problem with protecting IP is that these are the files your employees are working on every day. They need to be edited and shared — this is critical to enable the collaboration and innovation that fuel businesses’ success. It’s also no surprise that nearly three in four employees (72%) say they feel entitled to the…

Source

Americold, a company whose cold-storage capabilities are integral to the U.S. food-supply chain (and soon, COVID-19 vaccine distribution), has confirmed an operations-impacting cyberattack, according to a filing with the Securities and Exchange Commission (SEC). The filing was brief and read in part: “As a precautionary measure, the company took immediate steps to help contain the incident and implemented business continuity plans, where appropriate, to continue ongoing operations… Security, in all its forms, remains a top priority at Americold, and the company will continue to seek to take all appropriate measures to further safeguard the integrity of its information technology infrastructure, data and customer information.” The attack appears to be a ransomware incident that started on Nov. 16, according to a Bleeping Computer report. The attack affected the company’s phone systems, email, inventory management and order fulfillment, according to reports on Twitter. One truck driver tweeted on Monday, “At an Americold [depot] and their systems are down. They are unable to assign me to a door. Well let the waiting begin.” The attack is likely to be highly targeted and well-thought-out, according to researchers. “Human-operated ransomware attacks begin with trojans or other exploits against unsophisticated vectors,” Chloé Messdaghi, vice president of strategy at Point3 Security, said via email. “Once a way in is found, malware is planted and privileges are…

Source

Security experts are applauding the recent stamp of approval by the U.S. Senate on a groundbreaking internet-of-things (IoT) security regulatory effort. The IoT Cybersecurity Improvement Act, which was led in bipartisan sponsorship by Reps. Will Hurd (R-Texas) and Robin Kelly (D-Ill.), would require the federal procurement and use of IoT devices to conform to basic security requirements. The act was unanimously passed by the House in September, and by the Senate earlier this week; the next step is for it to be sent to the president to be signed into law. Security stalwarts praised the bill’s alignment with existing standards and best practices, as well as its meaning for IoT devices – which have long been plagued by security and privacy issues. “Through the Act, the federal government can lead by example in implementing basic IoT security standards and best practices for devices it buys and manages, and drive contractors’ adoption of standards-based coordinated vulnerability disclosure processes,” according to Harley Geiger, director of Public Policy at Rapid7, in a recent post.

The IoT Cybersecurity Improvement Act

The IoT Cybersecurity Improvement Act has several different parts. First, it mandates that NIST must issue standards-based guidelines for the minimum security of IoT devices that are owned by the federal government. The Office of Management and Budget (OMB) must also implement requirements for federal civilian agencies to have information-security policies…

Source

China-backed APT Cicada joins the list of threat actors leveraging the Microsoft Zerologon bug to stage attacks against their targets. In this case, the victims are large and well-known Japanese organizations and their subsidiaries, including locations in the United States. Researchers observed a “large-scale attack campaign targeting multiple Japanese companies” across 17 regions and various industry sectors, involving a range of malicious activity such as credential theft, data exfiltration and network reconnaissance. Attackers also installed the QuasarRAT open-source backdoor and the novel Backdoor.Hartip tool to continue surveillance of victims’ systems, according to a recent report. Based on notable hallmark activity, the attacks appear to be the work of Cicada (aka APT10, Stone Panda, Cloud Hopper), a state-sponsored threat group with links to the Chinese government, researchers at Broadcom’s Symantec said. “This campaign has been ongoing since at least mid-October 2019, right up to the beginning of October 2020, with the attack group active on the networks of some of its victims for close to a year,” researchers wrote in a report posted online. “The campaign is very wide-ranging, with victims in a large number of regions worldwide.” A number of threat patterns and techniques observed in the campaign link the activity to Cicada, including a third-stage DLL with an export named “F**kYouAnti;” and a third-stage DLL using the CppHostCLR technique to inject and execute…

Source

Cybercriminals are recognizing that the data automotive companies hold – from customer and employee personally identifiable information (PII) to financial data – is invaluable. Recently, one attacker installed a keystroke logger on the workstation of a car dealership’s finance specialist to obtain their credentials and access customer credit reports. Another launched a ransomware attack on Toyota Australia, leading to delays in servicing and disruption in the supply of parts. Paul Proudhomme, cyber-threat intelligence analyst at IntSights, warned in research published Thursday that automotive cyberattacks are on the rise – whether they’re aimed at intellectual property (IP) theft or bent on delivering ransomware. And, with the ongoing pandemic shaking up both sales and the supply chain across the automotive industry, cyberthreats only add to an existing pile of problems. Listen to this week’s Threatpost podcast episode with Proudhomme to learn more about the threat landscape for automotive companies. Below find a lightly edited transcript of this podcast. Lindsey O’Donnell-Welch:…

Source

Millions of malicious scans are rolling across the internet, looking for known vulnerabilities in the Epsilon Framework for building WordPress themes, according to researchers. According to the Wordfence Threat Intelligence team, more than 7.5 million probes targeting these vulnerabilities have been observed against more than 1.5 million WordPress sites, just since Tuesday. Epsilon serves as the foundation for multiple third-party WordPress themes. Multiple recently patched security bugs in the framework could be chained together to allow remote code execution (RCE) and site takeover, researchers said. Through code reuse, multiple themes have vulnerable versions in circulation, including Shapely, NewsMag, Activello and 12 others, detailed in the firm’s Tuesday blog post. “The security flaws on WordPress websites in themes using the Epsilon Framework are just another example of this content management system’s inherent security risks,” said Ameet Naik, security evangelist at PerimeterX, via email. “Shadow Code introduced via third-party plugins and frameworks vastly expands the attack surface for websites. Website owners need to be vigilant about third-party plugins and frameworks and stay on top of security updates.” The issues in question are function-injection bugs, affecting around 150,000 sites in total, Wordfence estimated. “So far today, we have seen a surge of [attacks] coming from over 18,000 IP addresses,” according to the posting. “While we occasionally see…

Source

The Los Angeles Police Department (LAPD) has banned the use of commercial facial-recognition services – citing “public trust” considerations. The move comes in the wake of a report that showed that more than 25 employees of the department had performed 475 searches so far using Clearview AI, an artificial intelligence (AI)-powered facial-recognition platform. “It has come to the Department’s attention that a limited number of personnel have accessed commercial facial-recognition systems [like Clearview] for Department business,” Deputy Police Chief John McMahon wrote in a statement published by Buzzfeed. “Department personnel shall not use third-party commercial facial recognition services nor conduct facial-recognition searches on behalf of outside agencies.” “Clearview grabs photos from all over the place, and that, from a department standpoint, raises public-trust concerns,” McMahon added. At issue is the fact that Clearview uses photos from social media and other publicly available sources, without consent, in violation of what some say are basic privacy rights. Groups like the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation have been loudly critical of facial-recognition AI as a potential means of state surveillance.

Watchdog Groups Sue

The ACLU has taken Clearview AI to court over privacy issues. Specifically, its complaint alleges that the company’s massive database was amassed by collecting the biometric data of billions of people without…

Source

A vulnerability in Cisco’s Webex conferencing application could allow an attendee to act as a “ghost” in a meeting – letting them spy on potentially sensitive company secrets. The flaw (CVE-2020-3419) can be exploited remotely; however, attackers would need access to join the Webex meeting in question, including the applicable meeting “join” link and password. For this reason, Cisco rates the flaw only medium severity, 6.5 out of 10 on the CVSS scale. However, the practical implications are significant when considering what a “ghost” could learn in a meeting whose other participants assumed he or she was absent. Once they have meeting access, an attacker could exploit the flaw by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. The bad actor could then join meetings without appearing in the participant list, giving them full access to audio, video, chat and screen-sharing capabilities. “With this flaw, a ghost could stay in a meeting while not being seen by others, even after being expelled by the host, which makes this practice especially problematic,” said researchers with IBM in a Wednesday analysis. “We identified that we could maintain the working bidirectional audio communication while a server thought the connection from an attendee dropped — meaning the attendee disappeared from the participants panel and became a ghost.” This vulnerability is due to improper handling…

Source

Google has released patches for several high-severity vulnerabilities in its Chrome browser with the rollout of Chrome 87 for Windows, Mac and Linux users. Overall, Google fixed 33 vulnerabilities in the latest version, Chrome 87.0.4280.66, which is being rolled out over the coming days. These include one high-severity CVE (CVE-2020-16022) that could allow a remote attacker to bypass security restrictions and reach any Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port on a victim’s computer. The issue was disclosed on Oct. 31 by Samy Kamkar, security researcher and co-founder of Openpath, who called the attack “NAT slipstreaming.” “Slipstreaming is easy to exploit as it’s essentially entirely automated and works cross-browser and cross-platform, and doesn’t require any user interaction other than visiting the victim site,” Kamkar told Threatpost. At a high level, an attacker could exploit the flaw remotely by persuading a victim to visit a specially crafted website (via social engineering or other tactics), and would then be able to bypass the victim’s firewall restrictions. “NAT Slipstreaming allows an attacker to remotely access any TCP/UDP service bound to a victim machine, bypassing the victim’s NAT/firewall (arbitrary firewall pinhole control), just by the victim visiting a website,” Kamkar said in his analysis of the issue. The attack specifically centers on Network Address Translation (NAT), which translates the IP addresses of…
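Since the article ties the fix for CVE-2020-16022 to a specific build, Chrome 87.0.4280.66, the practical follow-up for a defender is to find which machines are still below it. The script below is an added example written for this page, not code from Threatpost, Google or Samy Kamkar; the hostnames and `chrome --version` strings in `SAMPLE_INVENTORY` are constructed sample data, and the only fact it relies on from the article is the fixed build number. It compares versions numerically rather than as strings, which is the usual mistake in quick inventory checks (lexically, "9.0.597.107" sorts above "87.0.4280.66").

```python
# Added example (not from the Threatpost article, Google or Samy Kamkar):
# flag Chrome installs older than 87.0.4280.66, the build the article names as
# carrying the fix for CVE-2020-16022. SAMPLE_INVENTORY is constructed data.
from typing import Dict, List, Tuple

FIXED_VERSION = "87.0.4280.66"


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn a dotted Chrome version into a tuple of ints so it compares numerically.

    A plain string comparison gets this wrong: "9.0.597.107" > "87.0.4280.66"
    lexically, even though 9 < 87.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def is_patched(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True if `version` is at or above the fixed build."""
    v, f = parse_version(version), parse_version(fixed)
    # Pad the shorter tuple with zeros so "88.0" compares as 88.0.0.0.
    width = max(len(v), len(f))
    v += (0,) * (width - len(v))
    f += (0,) * (width - len(f))
    return v >= f


def parse_chrome_version_line(line: str) -> str:
    """Extract the four-part version from `chrome --version` style output,
    e.g. 'Google Chrome 86.0.4240.198' or 'Chromium 87.0.4280.66 snap'."""
    for token in line.split():
        if token.count(".") == 3 and token.replace(".", "").isdigit():
            return token
    raise ValueError(f"no Chrome version found in {line!r}")


# Constructed inventory: hostname -> output of `chrome --version` on that host.
SAMPLE_INVENTORY: Dict[str, str] = {
    "ws-01": "Google Chrome 86.0.4240.198",   # last release before the fix
    "ws-02": "Google Chrome 87.0.4280.66",    # exactly the fixed build
    "ws-03": "Chromium 87.0.4280.88 snap",    # later build, different vendor string
    "ws-04": "Google Chrome 9.0.597.107",     # ancient; trips naive string compares
}


def unpatched_hosts(inventory: Dict[str, str]) -> List[str]:
    """Return hostnames still running a build below the fixed version."""
    return sorted(
        host for host, line in inventory.items()
        if not is_patched(parse_chrome_version_line(line))
    )


if __name__ == "__main__":
    for host in unpatched_hosts(SAMPLE_INVENTORY):
        print(f"{host}: Chrome below {FIXED_VERSION}, still exposed to CVE-2020-16022")
```

Feed `unpatched_hosts()` the real `chrome --version` output collected by whatever endpoint-management tool you already run; the parser only assumes the version appears as a four-part dotted token somewhere on the line.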

Source